
CVE-2024-45103
https://notcve.org/view.php?id=CVE-2024-45103
13 Sep 2024 — A valid, authenticated LXCA user may be able to unmanage an LXCA managed device through the LXCA web interface without sufficient privileges. • https://support.lenovo.com/us/en/product_security/LEN-154748 • CWE-282: Improper Ownership Management •

CVE-2024-45101
https://notcve.org/view.php?id=CVE-2024-45101
13 Sep 2024 — A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL. • https://support.lenovo.com/us/en/product_security/LEN-154748 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2024-8281
https://notcve.org/view.php?id=CVE-2024-8281
13 Sep 2024 — An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell. • https://support.lenovo.com/us/en/product_security/LEN-172051 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-8280
https://notcve.org/view.php?id=CVE-2024-8280
13 Sep 2024 — An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file. • https://support.lenovo.com/us/en/product_security/LEN-172051 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-8279
https://notcve.org/view.php?id=CVE-2024-8279
13 Sep 2024 — A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. • https://support.lenovo.com/us/en/product_security/LEN-172051 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-8278
https://notcve.org/view.php?id=CVE-2024-8278
13 Sep 2024 — A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. • https://support.lenovo.com/us/en/product_security/LEN-172051 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-7756
https://notcve.org/view.php?id=CVE-2024-7756
13 Sep 2024 — A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell. • https://support.lenovo.com/us/en/product_security/LEN-165524 • CWE-489: Active Debug Code •

CVE-2024-4550
https://notcve.org/view.php?id=CVE-2024-4550
13 Sep 2024 — A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-165524 • CWE-121: Stack-based Buffer Overflow •

CVE-2024-3100
https://notcve.org/view.php?id=CVE-2024-3100
13 Sep 2024 — A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-165524 • CWE-121: Stack-based Buffer Overflow •

CVE-2024-6004
https://notcve.org/view.php?id=CVE-2024-6004
16 Aug 2024 — A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted. • https://iknow.lenovo.com.cn/detail/422688 • CWE-400: Uncontrolled Resource Consumption •